Skip to content

Microsoft Secure

EMS_lifestyle 1

Developing an effective cyber strategy

The word strategy has its origins in the Roman Empire and was used to describe the leading of troops in battle. From a military perspective, strategy is a top-level plan designed to achieve one or more high-order goals. A clear strategy is especially important in times of uncertainty as it provides a framework for those...

Read more

Overview of Petya, a rapid cyberattack

In the first blog post of this 3-part series, we introduced what rapid cyberattacks are and illustrated how they are different in terms of execution and outcome. Next, we will go into some more details on the Petya (aka NotPetya) attack. How Petya worked The Petya attack chain is well understood, although a few small...

Read more

EMS_Cloud_5-300x168

Protecting customers from being intimidated into making an unnecessary purchase

There has been an increase in free versions of programs that purport to scan computers for various errors, and then use alarming, coercive messages to scare customers into buying a premium version of the same program. The paid version of these programs, usually called cleaner or optimizer applications, purportedly fixes the problems discovered by the...

Read more

IGF proves the value of bottom-up, multi-stakeholder model in cyberspace policy-making

In December, the Internet Governance Forum (IGF) brought the world together to talk about the internet. I tend to take a definite interest in cybersecurity, but there were many more important topics discussed. They ranged from diversity in the technology sector through to philosophy in the digital age. Cybersecurity was, nonetheless, a major theme. My...

Read more

Overview of rapid cyberattacks

Rapid cyberattacks like Petya and WannaCrypt have reset our expectations on the speed and scope of damage that a cyberattack can inflict. The Microsoft Enterprise Cybersecurity Group Detection and Response team worked extensively to help customers respond to and recover from these kinds of attacks. In 2017, among the global enterprise customers that we worked...

Read more

Ransomware-encounter-rate-Windows-10-vs-7

A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017

Adopting reliable attack methods and techniques borrowed from more evolved threat types, ransomware attained new levels of reach and damage in 2017. The following trends characterize the ransomware narrative in the past year: Three global outbreaks showed the force of ransomware in making real-world impact, affecting corporate networks and bringing down critical services like hospitals,...

Read more

Understanding the performance impact of Spectre and Meltdown mitigations on Windows Systems

Last week the technology industry and many of our customers learned of new vulnerabilities in the hardware chips that power phones, PCs and servers. We (and others in the industry) had learned of this vulnerability under nondisclosure agreement several months ago and immediately began developing engineering mitigations and updating our cloud infrastructure. In this blog,...

Read more

binary code - abstractTechnology concept collection

Application fuzzing in the era of Machine Learning and AI

Proactively testing software for bugs is not new. The earliest examples date back to the 1950s with the term “fuzzing.” Fuzzing as we now refer to it is the injection of random inputs and commands into applications. It made its debut quite literally on a dark and stormy night in 1988. Since then, application fuzzing...

Read more

How Microsoft tools and partners support GDPR compliance

This post is authored by Daniel Grabski, Executive Security Advisor, Microsoft Enterprise Cybersecurity Group. As an Executive Security Advisor for enterprises in Europe and the Middle East, I regularly engage with Chief Information Security Officers (CISOs), Chief Information Officers (CIOs) and Data Protection Officers (DPOs) to discuss their thoughts and concerns regarding the General Data Protection...

Read more

Fast moving car trail in city at night

How public-private partnerships can combat cyber adversaries

For several years now, policymakers and practitioners from governments, CERTs, and the security industry have been speaking about the importance of public-private partnerships as an essential part of combating cyber threats. It is impossible to attend a security conference without a keynote presenter talking about it. In fact, these conferences increasingly include sessions or entire...

Read more